How does this work on a technical level? What stops an app bypassing the firewall?
Because TVs rapidly get outdated and die. If nothing else the 2inch thick bezels are an eye sore. Just because I don’t care about 4K doesn’t mean I don’t care about image quality. I’d prefer 1080p@60 over 4k@30.
720 to 4K is not the same as 480p to 720. The latter is far more noticeable. Most of the world hasn’t moved to 4K, I don’t see a huge amount of value in it personally.
You’re missing the point. Most people don’t want to download a video instead of streaming directly, which is a far lower barrier than procuring equipment, dealing with compatibility issues, doing system updates etc. I…
That’s a fair point.
As a side note, and I’ll create a separate thread: say my host is comprised by super sophisticated malware, aside from a reformat what other sanitisation practices can I do? Can I ever trust the hardware again? I don’t…
If you wanna go a little bit more paranoid, use a dedicated host to virtualise those machines and connect to the host via RDP/whatever, that should create another layer of safety.
No the risk is that somebody has decided to disregard security and general security process and create shadow IT, which if left unchecked will create massive problems within the organisation long term. If the culture is…
Nah you pull it offline and tell them to follow correct procurement and development practices. If your development teams aren’t talking to your security teams you have bigger problems than Wordpress.
You need to tweet your view of security requirements if you want to provide IT functions to users. Yes they are a nice to have, yes the cost of a data breach either to you or the user are highly damaging. There’s…
See comment on parent.
I think ‘stop wasting time on dumb stuff and focus on actual security’ is a good take home for the HN crowd. Time and money is finite, so spend it wisely.
No it’s not recommending snake oil and telling them to do things properly instead I don’t. Care if that makes the security industry dry up, my only hope is that if it does the snake oil salespeople die with it.
I’ll ignore your condescending dribble but: > Let’s also not forget that there is good money to be made off consulting for those companies that are “fucked” Where the hell are your ethics?
Or maybe I’m just not scraping bottom of the barrel when it comes to security assessments. If the software is at that point the organisation is well and truly fucked, waf or not.
What if the payload is ‘a,b’ which renders as Select a, b from foo;
Right but I’m the context of antivirus you’re executing unconstrained data in an unconstrained environment, in appsec you can handle data correctly rather than rely on a third party product that can’t contextualise or…
I hate these kind of defenses. If your application is vulnerable to sqli, select is one of many tools an attacker can use and you’re pretty much screwed anyway. Instead, use sane tooling, like modern ORMs and parameter…
Also be sure to check out the super Mario world flappy bird code injection: https://youtu.be/hB6eY73sLV0
2037 is a potential overflow, I believe. I imagine only pre 2000 systems would likely be affected.
I’d love $myhandle.sucks but alas the domain registrar decided to charge extortion rates in the hopes that large companies register their own domain to prevent hate sites >_>
Esoteric hardware won’t work first, then maybe browsers. I’d estimate 15 years. I was not using pulse or systemd until early this year, having used Linux since 2008 thats a pretty decent lifespan. It was finally…
I’m not an X hater but just know you’ve given that server access to your display socket which is effectively remote command execution. In most cases this could be solved with a good web user interface, but you can rest…
The beauty of public key cryptography is they don’t need to hold your private key, ever :)
I regularly wonder why we don’t have some form of physical verification token which signs things with our identity, the whole system is broken in that regard.
How does this work on a technical level? What stops an app bypassing the firewall?
Because TVs rapidly get outdated and die. If nothing else the 2inch thick bezels are an eye sore. Just because I don’t care about 4K doesn’t mean I don’t care about image quality. I’d prefer 1080p@60 over 4k@30.
720 to 4K is not the same as 480p to 720. The latter is far more noticeable. Most of the world hasn’t moved to 4K, I don’t see a huge amount of value in it personally.
You’re missing the point. Most people don’t want to download a video instead of streaming directly, which is a far lower barrier than procuring equipment, dealing with compatibility issues, doing system updates etc. I…
That’s a fair point.
As a side note, and I’ll create a separate thread: say my host is comprised by super sophisticated malware, aside from a reformat what other sanitisation practices can I do? Can I ever trust the hardware again? I don’t…
If you wanna go a little bit more paranoid, use a dedicated host to virtualise those machines and connect to the host via RDP/whatever, that should create another layer of safety.
No the risk is that somebody has decided to disregard security and general security process and create shadow IT, which if left unchecked will create massive problems within the organisation long term. If the culture is…
Nah you pull it offline and tell them to follow correct procurement and development practices. If your development teams aren’t talking to your security teams you have bigger problems than Wordpress.
You need to tweet your view of security requirements if you want to provide IT functions to users. Yes they are a nice to have, yes the cost of a data breach either to you or the user are highly damaging. There’s…
See comment on parent.
I think ‘stop wasting time on dumb stuff and focus on actual security’ is a good take home for the HN crowd. Time and money is finite, so spend it wisely.
No it’s not recommending snake oil and telling them to do things properly instead I don’t. Care if that makes the security industry dry up, my only hope is that if it does the snake oil salespeople die with it.
I’ll ignore your condescending dribble but: > Let’s also not forget that there is good money to be made off consulting for those companies that are “fucked” Where the hell are your ethics?
Or maybe I’m just not scraping bottom of the barrel when it comes to security assessments. If the software is at that point the organisation is well and truly fucked, waf or not.
What if the payload is ‘a,b’ which renders as Select a, b from foo;
Right but I’m the context of antivirus you’re executing unconstrained data in an unconstrained environment, in appsec you can handle data correctly rather than rely on a third party product that can’t contextualise or…
I hate these kind of defenses. If your application is vulnerable to sqli, select is one of many tools an attacker can use and you’re pretty much screwed anyway. Instead, use sane tooling, like modern ORMs and parameter…
Also be sure to check out the super Mario world flappy bird code injection: https://youtu.be/hB6eY73sLV0
2037 is a potential overflow, I believe. I imagine only pre 2000 systems would likely be affected.
I’d love $myhandle.sucks but alas the domain registrar decided to charge extortion rates in the hopes that large companies register their own domain to prevent hate sites >_>
Esoteric hardware won’t work first, then maybe browsers. I’d estimate 15 years. I was not using pulse or systemd until early this year, having used Linux since 2008 thats a pretty decent lifespan. It was finally…
I’m not an X hater but just know you’ve given that server access to your display socket which is effectively remote command execution. In most cases this could be solved with a good web user interface, but you can rest…
The beauty of public key cryptography is they don’t need to hold your private key, ever :)
I regularly wonder why we don’t have some form of physical verification token which signs things with our identity, the whole system is broken in that regard.